gh0strat | 3a551f8085e4252580ea0f482f2547ae | Triage

Sharing

General

Target

3a551f8085e4252580ea0f482f2547ae
Size

328KB
MD5

3a551f8085e4252580ea0f482f2547ae
SHA1

779b52cb636ecd52bfccd9e6726f4798e93f00ae
SHA256

02d0285280d5c816014c78c1b1cee34d0e568f49b26031b51868a288d38d6073
SHA512

e4450bab462c8b1f3502b48b2939dc79adbb28fe192614bcb7fa8cbab4f8207b06d3c848f4a028df4f92312429d7a9fb49bea213fa0e723a360e3bdd20088237
SSDEEP

6144:9ZpiqvdXjKwTc5YoPuNl0n+V3QhbuDlu24SPF/wX3C1gy/D32gsJ8CY:9ZpigdXWwI5Hu0n+Vghba14K2y627i8f

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a551f8085e4252580ea0f482f2547ae

Files

3a551f8085e4252580ea0f482f2547ae
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ServiceMain
aaaa
bbbb
main

Sections

.textbss
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 320KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 532B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 120B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ